Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability

2014.01.22

Credit: CISCO

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2014-0660

CWE: N/A

CVSS Base Score: 7.1/10

Impact Subscore: 6.9/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: None

Integrity impact: None

Availability impact: Complete

Cisco Security Advisory: Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability

Advisory ID: cisco-sa-20140122-isdngw

Revision 1.0

For Public Release 2014 January 22 16:00  UTC (GMT)

+---------------------------------------------------------------------

Summary
=======

Cisco TelePresence ISDN Gateway contains a vulnerability that could allow an unauthenticated, remote attacker to 
trigger the drop of the data channel (D-channel) causing all calls to be terminated and preventing users from making 
new calls.

Cisco has released free software updates that address this vulnerability. No workarounds that mitigate this 
vulnerability are available. This advisory is available at the following link:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw

References:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140122-isdngw

http://seclists.org/fulldisclosure/2014/Jan/146

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Cisco TelePresence ISDN Gateway D-Channel Denial of Service Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.